Hey there, I've been playing around with certutil in an effort to tweak the trust settings for the pre-cooked CA roots without using the FF UI (so many clicks). It looks like I will have to use copy the certs into the cert8.db so that I can change the settings there - is this right or did I miss something? Is there a painless way to copy the certs over (aside from dumping from the pre-cooked cert store using certutil and then adding them to the cert8.db similarly)?
thanks ram This works: certutil -M -d ./ -n "a cert in cert8.db" -t w,w,w Ths fails as designed (as the cert is not in the cert8.db file): certutil -M -d ./ -n "a cert in P11 module and not in cert8.db" -t w,w,w This fails but I was hoping it would work: certutil -M -d ./ -h all -n "a cert in P11 module and not in cert8.db" -t w,w,w This last one is probably fails as desigend if the pre-cooked cert store is defined as read-only, presumably it could work for r/w P11 providers but that is not currrently supported in certutil as the failure message was (certutil -M: cannot use "-h all" for this command). _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
